Resource access control with dynamic tag
Abstract
In a device including a processor and a memory, the memory includes executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of receiving an access control setting for granting access to an access-controlled resource and a dynamic tag characterizing a member group subject to the access control setting; accessing a data source storing member data including an attribute associated with each member, the attribute including a parameter related to a time or time period. The dynamic tag is mapped to the member data based on (1) the parameter of the attribute and (2) a time or time period associated with the dynamic tag, to identify mapped members forming the member group, wherein the mapped members identified based on a same dynamic tag vary depending on the time or time period associated with the dynamic tag, to identify the member group.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A device comprising:
a processor; and
a memory in communication with the processor, the memory comprising executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of:
receiving, from a user device via a communication network, a user command including (1) a first access control setting for granting access to an access-controlled resource located remotely from the user device and (2) a first dynamic tag containing first context related to a member attribute and second context related to a time or time period;
in response to receiving the user command, accessing a first data source storing first member data of a plurality of members, the first member data including a first attribute associated with each member, the first attribute comprising a first parameter related to an attribute of each member and a second parameter related to a time or time period associated with each member;
mapping the received first dynamic tag to the first member data based on (1) a comparison between the first context of the first dynamic tag and the first parameter of the first attribute associated with each member and (2) a comparison between the second context of the first dynamic tag and the second parameter of the first attribute associated with each member, to identify one or more first mapped members forming a first member group, wherein the one or more first mapped members identified based on the first context of the first dynamic tag varies depending on the time or time period of the second context of the first dynamic tag; and
selectively granting, based on the first access control setting, a member of the first member group access to the access-controlled resource.
2. The device of claim 1 , wherein the access-controlled resource comprises a space, data, hardware or software.
3. The device of claim 1 , wherein the first data source comprises a member schedule data source.
4. The device of claim 3 , wherein the first parameter of the first attribute comprises a title, department, team, office location or geographical location of each member.
5. The device of claim 4 , wherein the second parameter of the first attribute comprises a member shift schedule.
6. The device of claim 1 , wherein, to map the first dynamic tag to the first member data, the instructions, when executed by the processor, cause the processor to control the device to perform a function of:
comparing a time of the mapping with the time or time period associated with the second parameter of the first attribute associated with each member; or
comparing the time or time period associated with the second context of the first dynamic tag with the time or time period associated with the second parameter of the first attribute associated with each member.
7. The device of claim 1 , wherein the instructions, when executed by the processor, further cause the processor to control the device to perform functions of:
after selectively granting the member of the first group access to the access-controlled resource, receiving a second access control setting for granting access to the access-controlled resource and the first dynamic tag and a second dynamic tag, the first and second dynamic tags characterizing a second member group subject to the second access control setting;
accessing the first data source;
mapping the received first dynamic tag to the first member data of the first data source to identify second mapped members;
accessing a second data source storing second member data of the plurality of members, the second member data including a second attribute of each member;
mapping the received second dynamic tag to the second member data based on a parameter of the second attribute, to identify third mapped members; and
selectively granting, based on the second access control setting, a member of the second member group access to the access-controlled resource, the second member group comprising a member included in both the second and third mapped members.
8. The device of claim 7 , wherein the one or more first mapped members are different from the second mapped members.
9. The device of claim 7 , wherein the second data source comprises a member directory data source, member personnel data source, member schedule data source or member location data source.
10. The device of claim 7 , wherein the second attribute comprises a title, department, team, office location, attendance/absence status, shift schedule or geographical location of each member.
11. A method of operating a system for controlling access to a resource, comprising:
receiving, from a user device via a communication network, a user command including (1) a first access control setting for granting access to an access-controlled resource located remotely from the user device and (2) a first dynamic tag containing first context related to a member attribute and second context related to a time or time period;
in response to receiving the user command, accessing a first data source storing first member data of a plurality of members, the first member data including a first attribute associated with each member, the first attribute comprising a first parameter related to an attribute of each member and a second parameter related to a time or time period;
mapping the received first dynamic tag to the first member data based on (1) a comparison between the first context of the first dynamic tag and the first parameter of the first attribute associated with each member and (2) a comparison between the second context of the first dynamic tag and the second parameter of the first attribute associated with each member, to identify one or more first mapped members forming a first member group, wherein the one or more first mapped members identified based on the first context of the first dynamic tag varies depending on the time or time period of the second context of the first dynamic tag; and
selectively granting, based on the first access control setting, a member of the first member group access to the access-controlled resource.
12. The method of claim 11 , wherein the access-controlled resource comprises a space, data, hardware or software.
13. The method of claim 11 , wherein the first data source comprises a member schedule data source.
14. The method of claim 13 , wherein the first parameter of the first attribute comprises a title, department, team, office location or geographical location of each member.
15. The method of claim 14 , wherein the second parameter of the first attribute comprises a member shift schedule.
16. The method of claim 11 , wherein mapping the first dynamic tag to the first member data comprises:
comparing a time of the mapping with the time or time period associated with the parameter of the first attribute associated with each member; or
comparing the time or time period associated with the second context of the first dynamic tag with the time or time period associated with the second parameter of the first attribute associated with each member.
17. The method of claim 11 , further comprising:
after selectively granting the member of the first group access to the access-controlled resource, receiving a second access control setting for granting access to the access-controlled resource and the first dynamic tag and a second dynamic tag, the first and second dynamic tags characterizing a second member group subject to the second access control setting;
accessing the first data source;
mapping the received first dynamic tag to the first member data stored in the first data source to identify second mapped members;
accessing a second data source storing second member data of the plurality of members, the second member data including a second attribute of each member;
mapping the received second dynamic tag to the second member data based on a parameter of the second attribute, to identify third mapped members; and
selectively granting, based on the second access control setting, a member of the second member group access to the access-controlled resource, the second member group comprising a member included in both the second and third mapped members.
18. The method of claim 17 , wherein the one or more first mapped members are different from the second mapped members.
19. The method of claim 17 , wherein the second data source comprises a member directory data source, member personnel data source, member schedule data source or member location data source.
20. A non-transitory computer readable medium storing instruction that, when executed by a processor, cause a computer to perform functions of:
receiving, from a user device via a communication network, a user command including (1) an access control setting for granting access to an access-controlled resource and (2) a dynamic tag containing first context related to a member attribute and second context related to a time or time period;
in response to receiving the user command, accessing a data source storing member data of a plurality of members, the member data including an attribute associated with each member, the attribute comprising a first parameter related to an attribute of each member and a second parameter related to a time or time period;
mapping the received dynamic tag to the member data based on (1) a comparison between the first context of the dynamic tag and the first parameter of the attribute associated with each member and (2) a comparison between the second context of the dynamic tag and the second parameter of the attribute associated with each member, to identify one or more mapped members forming a member group, wherein the one or more mapped members identified based on the first context of the first dynamic tag varies depending on the time or time period of the second context of the first dynamic tag; and
selectively granting, based on the access control setting, a member of the member group access to the access-controlled resource.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.